HIPAA Blog

[ Tuesday, July 27, 2010 ]

New Data Breach Tool: HITECH now requires HIPAA-covered entities and business associates to provide notice to affected parties in the event of data breaches involving unsecured PHI, but not for breaches where there's not a substantial risk of harm. How do you determine whether an incident rises to the level of a breach, or whether a breach carries a risk of harm substantial enough to require notification? IDExperts has a tool, called RADAR (Risk Assessment Documentation And Reporting) that helps covered entities and business associates track and analyze breaches to determine whether notification is required.